Author: jerry Date: 2004-12-10 21:08:34 +0000 (Fri, 10 Dec 2004) New Revision: 4134
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4134 Log: check the setprinter(3) based on the access permissions on the handle and avoid the call to print_access_chaeck() Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c =================================================================== --- branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2004-12-10 20:50:49 UTC (rev 4133) +++ branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2004-12-10 21:08:34 UTC (rev 4134) @@ -5860,7 +5860,18 @@ result = WERR_BADFID; goto done; } + + /* Check the user has permissions to change the security + descriptor. By experimentation with two NT machines, the user + requires Full Access to the printer to change security + information. */ + if ( Printer->access_granted != PRINTER_ACCESS_ADMINISTER ) { + DEBUG(4,("update_printer_sec: updated denied by printer permissions\n")); + result = WERR_ACCESS_DENIED; + goto done; + } + /* NT seems to like setting the security descriptor even though nothing may have actually changed. */ @@ -5909,20 +5920,6 @@ goto done; } - /* Work out which user is performing the operation */ - - get_current_user(&user, p); - - /* Check the user has permissions to change the security - descriptor. By experimentation with two NT machines, the user - requires Full Access to the printer to change security - information. */ - - if (!print_access_check(&user, snum, PRINTER_ACCESS_ADMINISTER)) { - result = WERR_ACCESS_DENIED; - goto done; - } - result = nt_printing_setsec(Printer->sharename, new_secdesc_ctr); done:
